CVSS: 7.8EPSS: 0%CPEs: 11EXPL: 0CVE-2024-26883 – bpf: Fix stackmap overflow check on 32-bit arches
https://notcve.org/view.php?id=CVE-2024-26883
17 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: bpf: Fix stackmap overflow check on 32-bit arches The stackmap code relies on roundup_pow_of_two() to compute the number of hash buckets, and contains an overflow check by checking if the resulting value is 0. However, on 32-bit arches, the roundup code itself can overflow by doing a 32-bit left-shift of an unsigned long value, which is undefined behaviour, so it is not guaranteed to truncate neatly. This was triggered by syzbot on the DEVM... • https://git.kernel.org/stable/c/063c722dd9d285d877e6fd499e753d6224f4c046 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2024-26882 – net: ip_tunnel: make sure to pull inner header in ip_tunnel_rcv()
https://notcve.org/view.php?id=CVE-2024-26882
17 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: net: ip_tunnel: make sure to pull inner header in ip_tunnel_rcv() Apply the same fix than ones found in : 8d975c15c0cd ("ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv()") 1ca1ba465e55 ("geneve: make sure to pull inner header in geneve_rx()") We have to save skb->network_header in a temporary variable in order to be able to recompute the network_header pointer after a pskb_inet_may_pull() call. pskb_inet_may_pull() makes sure t... • https://git.kernel.org/stable/c/c54419321455631079c7d6e60bc732dd0c5914c5 • CWE-158: Improper Neutralization of Null Byte or NUL Character •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-26881 – net: hns3: fix kernel crash when 1588 is received on HIP08 devices
https://notcve.org/view.php?id=CVE-2024-26881
17 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix kernel crash when 1588 is received on HIP08 devices The HIP08 devices does not register the ptp devices, so the hdev->ptp is NULL, but the hardware can receive 1588 messages, and set the HNS3_RXD_TS_VLD_B bit, so, if match this case, the access of hdev->ptp->flags will cause a kernel crash: [ 5888.946472] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000018 [ 5888.946475] Unable to handle kerne... • https://git.kernel.org/stable/c/0bf5eb788512187b744ef7f79de835e6cbe85b9c • CWE-476: NULL Pointer Dereference •
CVSS: 6.3EPSS: 0%CPEs: 9EXPL: 0CVE-2024-26880 – dm: call the resume method on internal suspend
https://notcve.org/view.php?id=CVE-2024-26880
17 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: dm: call the resume method on internal suspend There is this reported crash when experimenting with the lvm2 testsuite. The list corruption is caused by the fact that the postsuspend and resume methods were not paired correctly; there were two consecutive calls to the origin_postsuspend function. The second call attempts to remove the "hash_list" entry from a list, while it was already removed by the first call. Fix __dm_internal_resume so ... • https://git.kernel.org/stable/c/ffcc39364160663cda1a3c358f4537302a92459b • CWE-99: Improper Control of Resource Identifiers ('Resource Injection') •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-26879 – clk: meson: Add missing clocks to axg_clk_regmaps
https://notcve.org/view.php?id=CVE-2024-26879
17 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: clk: meson: Add missing clocks to axg_clk_regmaps Some clocks were missing from axg_clk_regmaps, which caused kernel panic during cat /sys/kernel/debug/clk/clk_summary [ 57.349402] Unable to handle kernel NULL pointer dereference at virtual address 00000000000001fc ... [ 57.430002] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 57.436900] pc : regmap_read+0x1c/0x88 [ 57.440608] lr : clk_regmap_gate_is_enabled+0x3c/0xb0 [ ... • https://git.kernel.org/stable/c/14ebb3154b8f3d562cb18331b08ff1a22609ae59 •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2024-26878 – quota: Fix potential NULL pointer dereference
https://notcve.org/view.php?id=CVE-2024-26878
17 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: quota: Fix potential NULL pointer dereference Below race may cause NULL pointer dereference P1 P2 dquot_free_inode quota_off drop_dquot_ref remove_dquot_ref dquots = i_dquot(inode) dquots = i_dquot(inode) srcu_read_lock dquots[cnt]) != NULL (1) dquots[type] = NULL (2) spin_lock(&dquots[cnt]->dq_dqb_lock) (3) .... If dquot_free_inode(or other routines) checks inode's quota pointers (1) before quota_off sets it to NULL(2) and use it (3) after... • https://git.kernel.org/stable/c/8514899c1a4edf802f03c408db901063aa3f05a1 • CWE-476: NULL Pointer Dereference •
CVSS: 3.3EPSS: 0%CPEs: 7EXPL: 0CVE-2024-26877 – crypto: xilinx - call finalize with bh disabled
https://notcve.org/view.php?id=CVE-2024-26877
17 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: crypto: xilinx - call finalize with bh disabled When calling crypto_finalize_request, BH should be disabled to avoid triggering the following calltrace: ------------[ cut here ]------------ WARNING: CPU: 2 PID: 74 at crypto/crypto_engine.c:58 crypto_finalize_request+0xa0/0x118 Modules linked in: cryptodev(O) CPU: 2 PID: 74 Comm: firmware:zynqmp Tainted: G O 6.8.0-rc1-yocto-standard #323 Hardware name: ZynqMP ZCU102 Rev1.0 (DT) pstate: 40000... • https://git.kernel.org/stable/c/4d96f7d48131fefe30d7c1d1e2a23ef37164dbf5 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-26876 – drm/bridge: adv7511: fix crash on irq during probe
https://notcve.org/view.php?id=CVE-2024-26876
17 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/bridge: adv7511: fix crash on irq during probe Moved IRQ registration down to end of adv7511_probe(). If an IRQ already is pending during adv7511_probe (before adv7511_cec_init) then cec_received_msg_ts could crash using uninitialized data: Unable to handle kernel read from unreadable memory at virtual address 00000000000003d5 Internal error: Oops: 96000004 [#1] PREEMPT_RT SMP Call trace: cec_received_msg_ts+0x48/0x990 [cec] adv7511_cec... • https://git.kernel.org/stable/c/3b1b975003e4a3da4b93ab032487a3ae4afca7b5 •
CVSS: 6.4EPSS: 0%CPEs: 9EXPL: 0CVE-2024-26875 – media: pvrusb2: fix uaf in pvr2_context_set_notify
https://notcve.org/view.php?id=CVE-2024-26875
17 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: media: pvrusb2: fix uaf in pvr2_context_set_notify [Syzbot reported] BUG: KASAN: slab-use-after-free in pvr2_context_set_notify+0x2c4/0x310 drivers/media/usb/pvrusb2/pvrusb2-context.c:35 Read of size 4 at addr ffff888113aeb0d8 by task kworker/1:1/26 CPU: 1 PID: 26 Comm: kworker/1:1 Not tainted 6.8.0-rc1-syzkaller-00046-gf1a27f081c1f #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 Workqueue: usb_h... • https://git.kernel.org/stable/c/e5be15c63804e05b5a94197524023702a259e308 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2024-26874 – drm/mediatek: Fix a null pointer crash in mtk_drm_crtc_finish_page_flip
https://notcve.org/view.php?id=CVE-2024-26874
17 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: Fix a null pointer crash in mtk_drm_crtc_finish_page_flip It's possible that mtk_crtc->event is NULL in mtk_drm_crtc_finish_page_flip(). pending_needs_vblank value is set by mtk_crtc->event, but in mtk_drm_crtc_atomic_flush(), it's is not guarded by the same lock in mtk_drm_finish_page_flip(), thus a race condition happens. Consider the following case: CPU1 CPU2 step 1: mtk_drm_crtc_atomic_begin() mtk_crtc->event is not null, ... • https://git.kernel.org/stable/c/119f5173628aa7a0c3cf9db83460d40709e8241d •